#!/bin/bash
# The following may be heavily borrowed from, if not
# copied from, the NSA's December 20, 2007 "Guide to the
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Restrict Execution of userhelper

#Initialize variables
export PRECHECK="if [ -z $(grep usergroup /etc/group) ]; then echo The group usergroup does not exist; fi"
export QUESTION="Would you like restrict execution of userhelper?"
export DESCRIPTION="The userhelper program provides authentication for graphical services which must run with root privileges, such as the system-config- family of graphical configuration utilities. Only human users logged into the system console are likely to ever have a legitimate need to run these utilities."
export SOLUTION="chgrp usergroup /usr/sbin/userhelper; \
chmod 4710 /usr/sbin/userhelper;"

